locked
Access to web site wroks from external and presents a blank page internally RRS feed

  • Question

  • User712610901 posted

    I do have this message "The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again." and I tried the solutions provided in other threads to no result. This site worked with an external ISA 2004 Windows 2003 and I moved the ISA to my Hyper V box within a virtual machine with TMG ISA 2010 on Windows 2008 R2.  With the ISA within the Hyper V my external accesses work and my internal accesses to the site fails with a blank page.  Any thoughts?

    Friday, January 18, 2013 7:37 PM

Answers

  • User-1122936508 posted

    Hi,

    I am not asking you to make these changes - I am asking what your configuration is. Installing the Forefront TMG client will result in all traffic being proxied via the Forefront server *unless* you configure an exception. Hence it is important to understand where your traffic is going.

    If it's going via a proxy server, then your client needs to talk to the proxy, and the proxy needs to be able to communicate with the server - so it's a two step process where both steps need to be verified. If the client is speaking directly to the server, then it's a different traffic flow that needs to be verified.

    So the first step is understanding what your configuration is.

    Alternatively, you can install a low level tool like Wireshark or Microsoft Network Monitor on the client, and see exactly what the client is attempting to do on the network. Verify that DNS is working correctly, and that the client is connecting to the correct server (web server or proxy server depending on what's supposed to happen).

    Also, do not make random changes to your network without understanding the consequences - otherwise it may be that other changes you've made in the past are causing the issue, but because you weren't aware of all the resulting impact, you haven't thought to mention those changes here.

    Cheers
    Ken

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, January 28, 2013 7:30 PM

All replies

  • User-1122936508 posted

    This site worked with an external ISA 2004 Windows 2003 and I moved the ISA to my Hyper V box within a virtual machine with TMG ISA 2010 on Windows 2008 R2.  With the ISA within the Hyper V my external accesses work and my internal accesses to the site fails with a blank page.  Any thoughts?

    If the site is working when accessed externally, then IIS must be configured correctly (at least for one scenario).

    When accessing the site internally, do you clients have the Forefront TMG client installed?

    Alternatively, are they configured to use the TMG server as a proxy server?

    The element that appears to differentiate the working from the non-working scenario is possibly the configuration of the TMG server or clients.

    Cheers
    Ken

    Saturday, January 19, 2013 1:28 AM
  • User712610901 posted

    I installed the TMG client without any result change.  I also used TMG as a proxy; however, when I tried to set up the use of a proxy under the LAN settings button, it lets me change to proxy but it does not stick and reverts automatically detct settings.  I have still the same issue.  One additional point.  If I hit browse from the Actions side of the IIS clarityphotos home, the page does not display as well.

    Sunday, January 27, 2013 9:29 PM
  • User-1122936508 posted

    Hi,

    I am not asking you to make these changes - I am asking what your configuration is. Installing the Forefront TMG client will result in all traffic being proxied via the Forefront server *unless* you configure an exception. Hence it is important to understand where your traffic is going.

    If it's going via a proxy server, then your client needs to talk to the proxy, and the proxy needs to be able to communicate with the server - so it's a two step process where both steps need to be verified. If the client is speaking directly to the server, then it's a different traffic flow that needs to be verified.

    So the first step is understanding what your configuration is.

    Alternatively, you can install a low level tool like Wireshark or Microsoft Network Monitor on the client, and see exactly what the client is attempting to do on the network. Verify that DNS is working correctly, and that the client is connecting to the correct server (web server or proxy server depending on what's supposed to happen).

    Also, do not make random changes to your network without understanding the consequences - otherwise it may be that other changes you've made in the past are causing the issue, but because you weren't aware of all the resulting impact, you haven't thought to mention those changes here.

    Cheers
    Ken

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, January 28, 2013 7:30 PM